Some embodiments described herein relate generally to enterprise networks, and, in particular, to methods and apparatus for enforcing a common user policy within an enterprise network architecture.
Some known enterprise networks use different types of authentication to provide access to data resources for a user depending on the location of the user, the type of the client device, and the access method of the user. In such a known enterprise network, policy management and enforcement is typically done in a distributed fashion such that user-specific access controls are spread throughout multiple layers of the network. As a result, user policies are configured independently at individual network elements across multiple layers of the network without much co-ordination. Such a distributed method of enforcing user policies, however, typically requires each individual network element to be manually configured in accordance with its physical connectivity to other elements in the network, which makes the work of a network administrator difficult and cumbersome. Moreover, user policy configuration and enforcement is typically implemented separately in the wireless portion and the wired portion of such an enterprise network, which adds another level of complexity to the job of the network administrator.
Accordingly, a need exists for an enterprise network that allows for a common policy infrastructure to provide access to information and services independent of a user's location, access method and client device being used, such that user policies can be configured at a central point of the network.